Javascript 混合内容页面:请求不安全的样式表错误
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/30434786/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Mixed Content Page: requested an insecure stylesheet error
提问by Karim Harazin
I have a website working on it. when i open any page with http:// protocol, every thing is loaded correctly, but when i try to load the page with https protocol, the page loaded but without css and javascript file.
The console shows the following errors.
我有一个网站正在处理它。当我使用 http:// 协议打开任何页面时,所有内容都正确加载,但是当我尝试使用 https 协议加载页面时,页面已加载但没有 css 和 javascript 文件。
控制台显示以下错误。
Mixed Content: The page at 'https://www.example.com/index.php?main_page=login' was loaded over HTTPS, but requested an insecure stylesheet 'http://www.example.com/site_map.html'. This request has been blocked; the content must be served over HTTPS.
混合内容:“ https://www.example.com/index.php?main_page=login”页面已通过 HTTPS 加载,但请求了不安全的样式表“ http://www.example.com/site_map.html” . 此请求已被阻止;内容必须通过 HTTPS 提供。
I figured that the problem is the browser can not load any css files when it requested by https protocol.
The problem is with htaccess file, because when i removed it, the css files loaded correctly.
我认为问题是浏览器在 https 协议请求时无法加载任何 css 文件。
问题出在 htaccess 文件上,因为当我删除它时,css 文件加载正确。
The page and css files loaded to browser with https in their urls like this
像这样在 URL 中使用 https 加载到浏览器的页面和 css 文件
<link rel="stylesheet" type="text/css" href="https://www.example.com/includes/templates/classic/css/style1.css">
<link rel="stylesheet" type="text/css" href="https://www.example.com/includes/templates/classic/css/style2.css">
when the browser tries to load the css files, it is redirected to
当浏览器尝试加载 css 文件时,它被重定向到
http://www.example.com/site_map.html
How can i make htaccess allow https to open the css and js files in a specific folder?
Thanks
如何让 htaccess 允许 https 打开特定文件夹中的 css 和 js 文件?
谢谢
UPDATEThe htaccess file content
更新htaccess 文件内容
RewriteEngine On
RewriteCond %{SERVER_PORT} ^443$
RewriteRule (.*) http://www.example.com/
###############################################################################
# Common directives
###############################################################################
# NOTE: Replace /shop/ with the relative web path of your catalog in the "Rewrite Base" line below:
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/ [R=301,L]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/
RewriteRule ^index\.php$ http://www.example.com/ [R=301,L]
#RewriteBase /
###############################################################################
# Start Ultimate SEO URLs
###############################################################################
# Original (unchanged) URL formats
RewriteRule ^(.*)-p-([0-9]+)(.*)$ index\.php?main_page=product_info&products_id=&%{QUERY_STRING} [L]
RewriteRule ^(.*)-c-(.*)-p(.*)\.html$ /index.php?main_page=&cPath=&sort=&page=
RewriteRule ^(.*)-c-([0-9_]+)(.*)$ index\.php?main_page=index&cPath=&%{QUERY_STRING} [L]
RewriteRule ^(.*)-ez-(.*).html$ index.php?main_page=page&id= [L]
# All other pages
# Don't rewrite real files or directories
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index\.php?main_page=&%{QUERY_STRING} [L]
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule index.html$ index.php [QSA]
# 480 weeks
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
Header set Cache-Control "max-age=290304000, public"
</FilesMatch>
# 2 DAYS
<FilesMatch "\.(xml|txt)$">
Header set Cache-Control "max-age=172800, public, must-revalidate"
</FilesMatch>
# 2 HOURS
<FilesMatch "\.(html|htm)$">
Header set Cache-Control "max-age=7200, must-revalidate"
</FilesMatch>
# compress text, html, javascript, css, xml:
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
RewriteEngine on
RewriteBase /
ErrorDocument 404 /index.php
RewriteRule index.html$ index.php [QSA]
采纳答案by andale
Here's your problem:
这是你的问题:
RewriteCond %{SERVER_PORT} ^443$
RewriteRule (.*) http://www.example.com/
You don't allow SSL requests (443 port number is used for HTTPS requests). Try removing these lines.
您不允许 SSL 请求(443 端口号用于 HTTPS 请求)。尝试删除这些行。
回答by joews
If you are able to serve CSS etc over HTTPS, the best solution is to use //as the schemefor asset URLs.
如果你能成为CSS等通过HTTPS,最好的解决办法是使用//作为该计划资产的URL。
That means "use the same scheme (sometimes called protocol) as the parent document", i.e. use httpsif the page uses https. For example:
这意味着“使用与父文档相同的方案(有时称为协议)”,即https如果页面使用https. 例如:
<link rel="stylesheet" href="//mysite.com/styles.css">
<script src="//mysite.com/app.js"></script>
回答by Ioannis Loukeris
Most probably inside your html code you have something like
很可能在您的 html 代码中,您有类似的东西
<link href="http://someSite.com/css/someStyle.css" rel="stylesheet" type="text/css" />
you should change this to
你应该把它改成
<link href="https://someSite.com/css/someStyle.css" rel="stylesheet" type="text/css" />
also the page you are referring to is .html not css, but i guess that is a typo ...
您所指的页面也是 .html 而不是 css,但我想这是一个错字......
回答by Akash Agarwal
回答by Soumya Rajiv
Experienced similar error in Drupal 8.0.1
在 Drupal 8.0.1 中遇到类似的错误
Error- Mixed Content: The page at '' was loaded over HTTPS, but requested an insecure stylesheet ''. This request has been blocked; the content must be served over HTTPS.
错误-混合内容:'' 处的页面已通过 HTTPS 加载,但请求了不安全的样式表 ''。此请求已被阻止;内容必须通过 HTTPS 提供。
Solution- Open .htaccess file and add the following line Header always set Content-Security-Policy "upgrade-insecure-requests;"
解决方案- 打开 .htaccess 文件并添加以下行 Header always set Content-Security-Policy "upgrade-insecure-requests;"
